Debugging the Identity Mapping Service

The idmap service lets you control diagnostic verbosity separately for a number of areas. The debug property group defines several properties, each of which controls the debug verbosity in a particular area of the application. For all areas, the default is 0, which produces error reports but no output in normal cases. Higher values produce more verbose output. Some properties support negative values to suppress reporting of errors.

The debug/all property acts as a master control. The effective value that is used for each area is the maximum of that area's property value and the value of debug/all. Thus, setting debug/all to a large value enables all available debugging output.

Output that is enabled is routed to syslog and the SMF service log, /var/svc/log/system-idmap:default.log. The syslog.conf settings further filter the logged information.

The following example shows how to use the svccfg command to set a property value and then use the svcadm refresh command to make it effective. The svcprop command then displays the properties in the debug property group.

$ svccfg -s idmap setprop debug/discovery = 2
$ svcadm refresh idmap
$ svcprop -p debug idmap
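
The rule described above (each area's effective level is the maximum of its own property value and debug/all), applied to svcprop-style output. This is an added example, not part of the original documentation. It assumes svcprop prints one "name type value" line per property, and the sample values are constructed.

```shell
#!/bin/sh
# Added example: compute the effective idmap debug level per area,
# using the rule "effective = max(area value, debug/all)".
# Assumption: input lines look like "debug/<area> integer <value>",
# the form svcprop prints when listing a property group.

# Constructed sample standing in for `svcprop -p debug idmap` output.
sample_props() {
    cat <<'EOF'
debug/all integer 1
debug/config integer 0
debug/discovery integer 2
debug/dns integer 0
debug/door integer 0
debug/ldap integer 0
debug/mapping integer 0
EOF
}

# Prints "<area> <configured> <effective>", one area per line, sorted.
effective_levels() {
    awk '
        BEGIN { all = 0 }   # default when debug/all is absent
        $1 ~ /^debug\// && $2 == "integer" {
            area = $1
            sub(/^debug\//, "", area)
            if (area == "all") all = $3 + 0
            else level[area] = $3 + 0
        }
        END {
            for (a in level) {
                eff = (level[a] > all) ? level[a] : all
                printf "%s %d %d\n", a, level[a], eff
            }
        }
    ' | sort
}

# On a live system: svcprop -p debug idmap | effective_levels
sample_props | effective_levels
```

An area whose third column exceeds its second is being raised by debug/all rather than by its own property, which is worth checking before leaving a system with verbose logging enabled.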

The following table summarizes the initial debug output.

| Property | Level | Output |
|---|---|---|
| debug/config | 1 | Configuration changes; Loading configuration, beginning and end of discovery cycle; Startup configuration; Events that trigger reconfiguration; Inability to discover domain configuration values |
| debug/config | 2 | Events that get noticed but do not trigger reconfiguration |
| debug/mapping | 1 | Mapping trace, as in idmap show -V |
| debug/dns | 0 | DNS errors |
| debug/dns | 1 | DNS queries and results |
| debug/ldap | 0 | LDAP authentication errors |
| debug/ldap | 1 | LDAP connection errors |
| debug/discovery | 1 | Result of AD domain service discovery step |
| debug/discovery | 2 | Starting discovery step; Interim discovery results |
| debug/door | 1 | Report when request-processing threads are created or destroyed |